joshfinley
/ get_aws_signon_url.py
Last active
February 19, 2025 20:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import requests | |
| import urllib.parse | |
| def get_sign_on_url(credentials): | |
| # Ensure credentials exist | |
| if not credentials.access_key or not credentials.secret_key or not credentials.token: | |
| raise ValueError("Invalid AWS credentials.") | |
| # Generate session JSON |
joshfinley
/ smb-scan-using-arp.ps1
Created
February 19, 2025 21:13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run arp -a and extract IP addresses | |
| $ips = arp -a | ForEach-Object { | |
| if ($_ -match '(\d+\.\d+\.\d+\.\d+)') { | |
| $matches[1] | |
| } | |
| } | Where-Object { $_ -ne "0.0.0.0" -and $_ -ne "255.255.255.255" } | |
| # Function to check SMB connectivity | |
| function Check-SMB { | |
| param ( |
joshfinley
/ basic-port-scan.ps1
Last active
February 19, 2025 21:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Define ports to check | |
| $ports = @(22, 53, 80, 443, 445) | |
| # Get IPs from arp -a | |
| $ips = arp -a | ForEach-Object { | |
| if ($_ -match '(\d+\.\d+\.\d+\.\d+)') { | |
| $matches[1] | |
| } | |
| } | Where-Object { $_ -ne "0.0.0.0" -and $_ -ne "255.255.255.255" } |
joshfinley
/ top-ports-scan.ps1
Created
February 19, 2025 21:27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Define the target host | |
| $target = "192.168.1.1" # Change this to your target IP or hostname | |
| # 100 most common ports | |
| $ports = @(21, 22, 23, 25, 26, 37, 53, 67, 68, 69, 80, 81, 88, 110, 111, 123, 135, 137, 138, 139, 143, 161, 162, 179, 199, 389, 427, 443, 445, 465, 500, 514, 515, 520, 523, 524, 548, 554, 587, 623, 636, 873, 902, 989, 990, 993, 995, 1025, 1080, 1194, 1433, 1723, 2049, 2082, 2083, 2181, 2195, 3128, 3268, 3306, 3389, 3690, 4000, 4045, 4369, 4500, 4664, 4899, 5000, 5060, 5190, 5222, 5432, 5500, 5631, 5900, 6000, 6379, 6665, 6666, 6667, 7001, 7002, 8000, 8008, 8080, 8081, 8443, 8888, 9000, 9090, 9100, 9418, 9999, 10000, 32768, 49152, 49153, 49154, 49155, 49156, 49157) | |
| # Function to check open ports | |
| function Check-Port { | |
| param ( | |
| [string]$ip, |
joshfinley
/ lambda-get-creds.py
Created
March 3, 2025 20:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| def lambda_handler(event, context): | |
| session = boto3.Session() | |
| credentials = session.get_credentials().get_frozen_credentials() | |
| print("Access Key:", credentials.access_key) | |
| print("Secret Key:", credentials.secret_key) | |
| print("Session Token:", credentials.token) |
joshfinley
/ lambda-to-aws-cred.py
Created
March 4, 2025 14:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import json | |
| import os | |
| def lambda_handler(event, context): | |
| """ | |
| Lambda function to print AWS credentials in credentials file format | |
| Uses the IAM role name as the profile name | |
| SECURITY WARNING: |
joshfinley
/ s3_cred_enum.py
Last active
March 4, 2025 15:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import re | |
| import json | |
| import sys | |
| import argparse | |
| import mimetypes | |
| import os | |
| import yaml | |
| class SecretScanner: |
joshfinley
/ assume_tool.py
Created
March 4, 2025 16:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import argparse | |
| import re | |
| import botocore.exceptions | |
| import itertools | |
| import os | |
| def generate_role_permutations(keywords): | |
| """ | |
| Generate role name permutations from a list of keywords |
joshfinley
/ enumerate_ec2_passwords.py
Created
March 4, 2025 18:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import base64 | |
| import argparse | |
| # Parse command-line arguments | |
| parser = argparse.ArgumentParser(description="List EC2 instances and their passwords.") | |
| parser.add_argument("--profile", required=True, help="AWS profile to use") | |
| args = parser.parse_args() | |
| # Use specified AWS profile |
joshfinley
/ find_etw_guid.js
Created
March 29, 2025 07:34
Windbg script for finding ETW information
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| function initializeScript() | |
| { | |
| return [new host.apiVersionSupport(1, 7)]; | |
| } | |
| function findRegHandlesForGuid(targetGuidStr) | |
| { | |
| let dbgOutput = host.diagnostics.debugLog; |